<?php
function AdminPages() {
	if ($_SESSION ["ses-id"] != "" && $_SESSION ["user-name"] != "" && $_SESSION ["user-pass"] != "") {
		// проверка пользователя
		$_SELECT = $_MYSQL->SELECT ( "SELECT `user-id` FROM `{p}users` WHERE `user-name` = '" . $_SESSION ["user-name"] . "' AND `user-pass` = '" . $_SESSION ["user-pass"] . "';" );
		if (! $_SELECT) {
			pageLogin ();
			return 0;
		}
		$user_id = $_SELECT ["user-id"];
		$_SELECT = $_MYSQL->SELECT ( "SELECT `ses-id` FROM `{p}user-sessions` WHERE `se-id` = '" . $_SESSION ["ses-id"] . "' AND `user-id` = '" . $user - id . "';" );
		if (! $_SELECT) {
			pageLogin ();
			return 0;
		}
	} else {
		pageLogin ();
	}
	return 0;
}
function pageLogin() {
	global $_Main, $_TPL;
	$tmpT = array ("site-title" => "Вход в админ панель", "site-links" => "<h>/search-full</h><t>Расширенные поиск</t><h></h><t>Вход</t>", "site-header" => "" );
	$_Main->MakePage ( "page.admin-login", $tmpT );
	return 0;
}
function pageAdmin() {
	global $_Main, $_TPL, $_Conf;
	$tmpT = array ("site-title" => "Админ панель", "site-links" => "<h>/search-full</h><t>Расширенные поиск</t><h></h><t>Админ панель</t>", "site-header" => "", "site_lifetime" => $_Conf->site_lifetime, "log_lifetime" => $_Conf->site_lifetime );
	
	$_Main->MakePage ( "page.admin", $tmpT );
	return 0;
}
function ajaxAdmin() {
	global $_MYSQL;
	if ($_POST ["do"] == "login") {
		$_POST ["user-name"] = trim ( htmlspecialchars ( $_POST ["user-name"] ) );
		$_POST ["user-pass"] = md5 ( trim ( htmlspecialchars ( $_POST ["user-pass"] ) ) );
		$_SELECT = $_MYSQL->SELECT ( "SELECT `user-id` FROM `{p}users` WHERE `user-name` = '" . $_POST ["user-name"] . "' AND `user-pass` = '" . $_POST ["user-pass"] . "';" );
		if (! $_SELECT) {
			header ( "Location: " . $_Conf->site_url . "/admin" );
			return 0;
		}
		$_SESSION ["user-name"] = $_POST ["user-name"];
		$_SESSION ["user-pass"] = $_POST ["user-pass"];
		$_QUERY = $_MYSQL->QUERY ( "DELETE FROM `{p}user-sessions` WHERE `user-id` = " . $_SELECT ["user-id"] );
		$_SESSION ["ses-id"] = session_name ();
		$_QUERY = $_MYSQL->QUERY ( "INSERT INTO `{p}user-sessions` (`ses-id`, `user-id`) VALUES ('" . $_SESSION ["ses-id"] . "', " . $_SELECT ["user-id"] . ");" );
		header ( "Location: " . $_Conf->site_url . "/admin" );
	}
	return 0;
}
?>
